CVE-2021-45940 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868): libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).

CVE-2021-45941 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957): libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).
Is it clear that 0.6.1 was affected? To me it looks like the issue was already fixed on December 11, when 0.6.1 was tagged, so it's likely to no longer be affected. Furthermore, there is now 0.7.0 in tree which should certainly not be affected, unless I'm completely misunderstanding the automatic fuzzing reports.
Yep, looks like the fixing commit is 33ec2ca026d568c4820324752be09a51460b7005, which is in 0.7.0, so we need to stabilize 0.7.0. Shouldn't hurt to just trust the oss-fuzz tracking here. Maintainer: please stabilize 0.7.0.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94cab9ea037c1bdeb49d9b07fe53a36a43a10119

commit 94cab9ea037c1bdeb49d9b07fe53a36a43a10119
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-03-15 18:00:50 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-03-15 18:00:50 +0000

    dev-libs/libbpf: drop 0.6.1

    Bug: https://bugs.gentoo.org/830368
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 dev-libs/libbpf/Manifest            |  1 -
 dev-libs/libbpf/libbpf-0.6.1.ebuild | 51 -------------------------------------
 2 files changed, 52 deletions(-)